I'm working on creating a back-end Admin form of the a current Games Settings, Players, etc. The Admin can then update the values in the form and resubmit the data if required.

I've created a form that will list a row for each player with all the players data. Thus, for a game, with 6 players, the form lists 6 rows of information. Each field for each row in the form is currently a text field that the Admin can update.

Can someone maybe explain how you would create the function for the form submission so it processes all of the fields in all of the rows?

The current form code looks something like below, and I've include a hidden Player ID (PID) field for possible use. Can you use a foreach or similar loop to update each players info in the form?


<form action="./admin/functions/function_admin_update_players.php" method="POST">
<table>
<tr>
<td id="create_title">PID</td>
<td id="create_title">Player</td>
<td id="create_title">Color</td>
<td id="create_title">State</td>
</tr>
<tr>
<input name="pid" type="hidden" value="1" />
<td>1</td>
<td><input name="pname" type="text" value="Player1" size="15" maxlength="32" /></td>
<td><input name="pcolor" type="text" value="green" size="15" maxlength="32" /></td>
<td><input name="pstate" type="text" value="dead" size="15" maxlength="32" /></td>
</tr>
<tr>
<input name="pid" type="hidden" value="2" />
<td>2</td>
<td><input name="pname" type="text" value="Player2" size="15" maxlength="32" /></td>
<td><input name="pcolor" type="text" value="blue" size="15" maxlength="32" /></td>
<td><input name="pstate" type="text" value="dead" size="15" maxlength="32" /></td>
</tr>
</table>
<input name="gid" type="hidden" value="482"/>
Submit: <input type="submit" name="updategame" value="Submit Changes">
<input type="reset" value="Reset Values"/>
<p>
</form>

Almost impossible for us to answer this without access to your database (MySQL?).

I can give the hint that with PHP forms, you can use arrays ...
<td><input name="pname[]" ...
<td><input name="pcolor[]" ...
<td><input name="pstate[]" ...

See this:
http://www.google.com/search?hl=en&q=php+form+arrays&btnG=Google+Search

Thanks for the tip.

I think I'm on the right track, but I want to sanitize the data before inserting it into a query.

So in my function to process the form, I have the following. B

// GET FORM DATA
$pid = $_POST['pid']; //Is an array
$pname = $_POST['pname']; //Is an Array

//Count the Number of Rows/Players
$num_rows = count($pid);

for($i=0; $i<$num_rows; $i++){
$player = $pname[$i];
//$player2 = mysql_real_escape_string($pname[$i]);
echo "pid " .$pid[$i] .": " . $player . "<br />";;
}

But I can't seem to get the real_escape_string to work properly. When I try to use $player2, I get the below error, which seems strange as the code doesn't have query info:
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in \function_admin_update_players.php on line 16

dirty fast hack:


<form action="./admin/functions/function_admin_update_players.php" method="POST">
<table>
<tr>
<td id="create_title">PID</td>
<td id="create_title">Player</td>
<td id="create_title">Color</td>
<td id="create_title">State</td>
</tr>
<?php
$nrplayers = 6;
for($i = 0; $i < $nrplayers; $i++){
echo ' <tr>
<input name="pid['.$i.']" type="hidden" value="'.$i.'" />
<td>'.$i.'</td>
<td><input name="pname['.$i.']" type="text" value="Player'.$i.'" size="15" maxlength="32" /></td>
<td><input name="pcolor['.$i.']" type="text" value="green" size="15" maxlength="32" /></td>
<td><input name="pstate['.$i.']" type="text" value="dead" size="15" maxlength="32" /></td>
</tr>';
}
?>
</table>
<input name="gid" type="hidden" value="482"/>
Submit: <input type="submit" name="updategame" value="Submit Changes">
<input type="reset" value="Reset Values"/>
<p>
</form>

regards

You have to be connected to a database for mysql_real_escape_string() to work.

You have to be connected to a database for mysql_real_escape_string() to work.

Thanks. I didn't know that.

The form is kinda long with a number of dropdown selects, but the completed (and working) function that processes the data looks like follows. I'm still green (but getting better), so if someone sees a better way, please feel free to add some tips.

$gid = $_POST['gid']; //Hidden Field. Can not be changed by user

// GET FORM DATA All Fields are arrays 0 - XX
$pid = $_POST['pid'];
$pname = $_POST['pname'];
$pcolor = $_POST['pcolor'];
$pstate = $_POST['pstate'];
$pattackcard = $_POST['pattackcard'];
$pnumarmy = $_POST['pnumarmy'];
$pmission = $_POST['pmission'];
$pcaporg = $_POST['pcaporg'];
$pmail = $_POST['pmail'];
$pvote = $_POST['pvote'];
$pkick = $_POST['pkick'];
$pkills = $_POST['pkills'];
$ppoints = $_POST['ppoints'];

//Count the Number of Rows/Players
$num_rows = count($pid);

for($i=0; $i < $num_rows; $i++){
$details = null;
$pid = $i + 1; //Since Array starts with 0, but first pid is 1

$player = mysql_real_escape_string($pname[$i]);

$details .= " pname='$player',";
$details .= " pcolor='$pcolor[$i]',";
$details .= " pstate='$pstate[$i]',";
$details .= " pattackcard='$pattackcard[$i]',";
$details .= " pnumarmy='$pnumarmy[$i]',";
$details .= " pmission='$pmission[$i]',";
$details .= " pcaporg='$pcaporg[$i]',";
$details .= " pmail='$pmail[$i]',";
$details .= " pvote='$pvote[$i]',";
$details .= " pkick='$pkick[$i]',";
$details .= " pkills='$pkills[$i]',";
$details .= " ppoints='$ppoints[$i]'";

//UPDATE Players
$query = mysql_query("UPDATE game_players SET {$details} WHERE gid = {$gid} AND pid = $pid ");
}

header("Location: ../../index.php?p=edit&mode=players&gid={$gid}");